Consolidated Project State (v8.8.0)
The Consolidated Project State window provides a high-level summary of the status of each project.
To display the Consolidated Project State window:
Go to Dashboard > Project State and click the link on the Project Name. The Consolidated Project State window is displayed.
Summary
You can perform the following actions from the Consolidated Project State window:
- Full Scan - perform a SAST scan for the whole project
- Incremental Scan - perform a SAST scan for only new and modified files since the last scan
- Run OSA - perform Open Source Analysis on predefined open source libraries associated with this project.
Note that a purchased or trial CxOSA license is required in order to run CxOSA projects. Please contact your Checkmarx Administrator.
CI/Build plugins now use a new core library with better compatibility and increased result accuracy. The new capability extracts dependencies by resolving manifest files on the customer side.
Additional Actions:
- Edit Project - displays the project's details
- Open Scan Summary - displays the scan summary
- Open Viewer - displays the scan results viewer
- CxOSA Viewer - displays the CxOSA scan results viewer (see CxOSA Viewer).
Action options on the Consolidated Project State window are available according to the user's permissions.
Current Status - Includes the time/date stamp indicating the date and time of the last SAST scan
SAST Vulnerabilities Status
Provides a graph with the status of each vulnerability severity.
- Recurring vulnerability instances from previous scan
- Solved is defined as vulnerabilities fixed/solved since the last scan
If no scans have yet been performed, a "No Scans Performed" message is displayed. For more details about projects and scans, refer to Creating and Configuring Projects.
If a new scan is currently in progress, a "New Scan in Progress" message is displayed. For more details about the status of the scan, refer to the Queue.
Click the Full Scan Results link to display the Scan List for this project.
SAST Progress Status
Provides a graph with the progress status of each vulnerability severity.
Open Source Analysis (CxOSA)
Open Source Analysis (OSA) helps you manage the security risk involved in using open source libraries in your applications. This provides open source analysis results for predefined open source libraries associated with this project. Includes a stamp indicating the date and time of the last analysis.
In order to start working with CxOSA, you need to accept the End User License Agreement (EULA). Click the View EULA button, read and accept the agreement.
The following summary results are displayed:
- No Known Vulnerable Libraries - Number of libraries without any known security vulnerabilities.
- Vulnerable Libraries - Distribution of the vulnerable libraries:
  - Vulnerable - number of libraries that have at least one security vulnerability
  - Outdated - number of vulnerable libraries for which a newer version is available (major vs minor release).
If the Open Source Analysis license has not yet been enabled for this project, a warning message is displayed. Please contact your Checkmarx Administrator.
Click the Run Analysis Now link to perform an Open Source Analysis. A "New Open Source Analysis is in progress" indicator is displayed.
If the Open Source Library directory location has not yet been configured and you try to run CxOSA, a warning message is displayed. Click on the link and define the Open Source Libraries location before continuing with the analysis.
For more information about Open Source Analysis (CxOSA), please see the CxOSA Viewer.
Scan History
Click the Scans History tab to display the scan results for the project.